![background image](http://html.mh-extra.com/html/cisco/air-wlc2006-k9-wireless-lan-controller-2006/air-wlc2006-k9-wireless-lan-controller-2006_configuration-manual_64446134.webp)
6-8
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 6 Configuring WLANs
Configuring Wireless LANs
IPSec Passthrough
IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other
IPSec equipment. IPSec Passthrough is also known as VPN Passthrough. Enter this command to enable
IPSec Passthrough for a wireless LAN:
•
config wlan security passthru {enable | disable}
wlan-id
gateway
–
For
gateway
, enter the IP address of the IPSec (VPN) passthrough gateway.
•
Enter
show wlan
to verify that the passthrough is enabled.
Web-Based Authentication
Wireless LANs can use web authentication if IPSec is not enabled on the controller. Web Authentication
is simple to set up and use, and can be used with SSL to improve the overall security of the wireless
LAN. Enter these commands to enable web authentication for a wireless LAN:
•
config wlan security web
{
enable
|
disable
}
wlan-id
•
Enter
show wlan
to verify that web authentication is enabled.
Local Netuser
Cisco Wireless LAN Controllers have built-in network client authentication capability, similar to that
provided by a RADIUS authentication server. Enter these commands to create a list of usernames and
passwords allowed access to the wireless LAN:
•
Enter
show netuser
to display client names assigned to wireless LANs.
•
Enter
config netuser add
username
password
wlan-id
to add a user to a wireless LAN.
•
Enter
config netuser wlan-id
username
wlan-id
to add a user to a wireless LAN without specifying
a password for the user.
•
Enter
config netuser password
username
password
to create or change a password for a particular
user.
•
Enter
config netuser delete
username
to delete a user from the wireless LAN.
Configuring Quality of Service
Cisco WLAN Solution wireless LANs support four levels of QoS: Platinum/Voice, Gold/Video,
Silver/Best Effort (default), and Bronze/Background. You can configure the voice traffic wireless LAN
to use Platinum QoS, assign the low-bandwidth wireless LAN to use Bronze QoS, and assign all other
traffic between the remaining QoS levels. Enter these commands to assign a QoS level to a wireless
LAN:
•
config wlan qos
wlan-id
{
bronze
|
silver
|
gold
|
platinum
}
•
Enter
show wlan
to verify that you have QoS properly set for each wireless LAN.
The wireless LAN QoS level (platinum, gold, silver, or bronze) defines a specific 802.11e user priority
(UP) for over-the-air traffic. This UP is used to derive the over-the-wire priorities for non-WMM traffic,
and it also acts as the ceiling when managing WMM traffic with various levels of priorities. The access
point uses this QoS-profile-specific UP in accordance with the values in
Table 6-1
to derive the IP DSCP
value that is visible on the wired LAN.